2.1.2.5 Mixed Web Environment

As listed in section 2.2.3, the protocols primarily used in web environments for authentication and for secure transport of application data are Digest Protocol Extensions [MS-DPSP], Transport Layer Security (TLS) Profile [MS-TLSP], and HTTP Authentication: Basic and Digest Access Authentication [RFC2617].

The following diagram illustrates authentication protocol interactions in a mixed web environment, which is the combination of Internet and enterprise environments.

If users have domain accounts but have to connect to a web server from outside the domain or from an untrusted domain (for example, over the Internet), clients cannot use SPNEGO ([MS-SPNG] and [MS-NEGOEX]) or Kerberos [MS-KILE]. Instead, clients can use custom authentication protocols, an HTTP authentication mechanism, or the SSL/TLS protocol [MS-TLSP], and can then transition to Kerberos protocol extensions.

Figure 12: Authentication protocol standards in a mixed web environment
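
The fallback described above, as an added example that is not part of the specification: a client-side selector that reads a server's WWW-Authenticate challenges and picks a mechanism depending on whether a domain controller is reachable. The function names, the preference order, the policy of refusing Basic without TLS, and the sample headers are assumptions of this example.

```python
import re

# key=value or key="value" pairs inside one challenge
PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')

# Assumed client policy: Negotiate (SPNEGO/Kerberos) only when a domain
# controller is reachable; otherwise fall back to the HTTP mechanisms.
ON_DOMAIN = ("negotiate", "digest", "basic")
OFF_DOMAIN = ("digest", "basic")


def parse_challenges(header_values):
    """Map scheme -> params, assuming one challenge per WWW-Authenticate line."""
    offered = {}
    for value in header_values:
        scheme, _, rest = value.strip().partition(" ")
        offered[scheme.lower()] = {
            m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM.finditer(rest)
        }
    return offered


def select_scheme(header_values, domain_reachable, tls):
    """Return the scheme to use, or None if nothing offered is acceptable."""
    offered = parse_challenges(header_values)
    for scheme in (ON_DOMAIN if domain_reachable else OFF_DOMAIN):
        if scheme not in offered:
            continue
        # Basic sends the password base64-encoded only, so require TLS.
        if scheme == "basic" and not tls:
            continue
        return scheme
    return None


# Constructed sample: challenges from a server that accepts all three schemes.
SAMPLE = [
    "Negotiate",
    'Digest realm="example.test", qop="auth", nonce="abc123", algorithm=MD5-sess',
    'Basic realm="example.test"',
]

if __name__ == "__main__":
    print("inside domain :", select_scheme(SAMPLE, domain_reachable=True, tls=True))
    print("over Internet :", select_scheme(SAMPLE, domain_reachable=False, tls=True))
```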